Last Updated August 21, 2019
This is our Privacy Notice. Please scroll down or click on the headings above to discover more.
We only process your Personal Data if we have a legal basis to do so – this may be consent or another legal basis; we collect only the information necessary to fulfill your relationship with us; we don’t sell it to third parties; and we only use it as this Privacy Notice says we do. We strive to provide a high standard of privacy protection for you. For the full version please continue reading.
Background to this Privacy Notice
The entity responsible for processing your Personal data is OffSec Services Limited, of 5 Secretary’s Lane, Gibraltar along with its affiliates and individual contractors (“Offensive Security”). It provides the products and services as advertised on Offensive Security’s Sites (as defined below) to individual students (“Students”) and customers who are organizations (“Customers”).
This Privacy Notice explains what Personal Data (as defined below) we collect on our Sites, which include offensive-security.com, kali.org, kali.training, and exploit-db.com (“Sites”), and through the offering of our Services to Site visitors, Students and Customers and the provision of services to us by third parties (“Suppliers”).
This Privacy Notice explains how we use and share that Personal Data, and your choices about our data practices. Please read this Privacy Notice before using the Sites.
Other related terms and conditions
What this Privacy Notice does not apply to
This Privacy Notice does not apply to:
- Personal Data we hold about our employees or consultants isn’t covered by this Privacy Notice.
- How other organizations use your Personal Data if you link to their Sites, apps, products, services or social media from our Sites, apps or social media. By providing these links we do not imply that we endorse or have reviewed these third party sites. Please contact those sites directly for information on their privacy practices and policies.
- Personal Data you post to the public areas of the Sites or Services. This includes, but is not limited to comments on any Offensive Security blog or public forum. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those parties’ privacy practices and policies.
Accessing your Personal Data
We want to make sure the Personal Data we hold on you is up to date and relevant. You are also legally entitled to know what Personal Data we hold on you. If you’d like a copy of some or all of your Personal Data or you think your Personal Data is inaccurate, you can ask us to correct or remove it. Please contact us at privacy @ offensive-security.com.
Please be aware that if you do not want to provide your Personal Data to us or you ask us to delete it, we may no longer be able to provide the Services to you.
Personal Data we collect
When you interact with us, our Sites or Services, we collect Personal Data that, alone or combined with other Personal Data, could identify you (“Personal Data”).
Automatically Collected Data
When you access the Sites or use the Services, the following Personal Data is created and automatically logged in our systems:
- Log data: Information (“log data”) that your browser automatically sends whenever you visit the Offensive Security Sites. Log data includes your Internet Protocol (“IP”) address, browser type and settings, the date and time of your request, and how you interacted with the Sites or Services.
- Device information: Information (“device data”) that includes the device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. The information collected may depend on the device you use and its settings.
- Usage Information: Information (“usage data”) we collect about how you use our Sites and Services, such as the content you view or engage with, the features you use, and the actions you take.
We use various technologies to collect and store information, including cookies, pixel tags, local storage such as browser web storage or application data caches, databases and server logs.
Personal Data You Give Us
When you access the Sites, we may collect additional Personal Data from you through web forms such as names, phone numbers, postal addresses, email addresses, or other Personal Data you provide to us.
When you ask about, sign up for or use the Services, you may voluntarily give us certain Personal Data, including your location, name, company, gender, age range, and contact information. We also may collect from you billing information (i.e., country and credit card details). We may further collect from you a scanned government ID, scanned utility bill(s), scanned bank statement(s), and scanned income statement(s), parent name(s), IDs, and consent letters.
We also collect Personal Data you provide to us when you complete any “free text” boxes in our forms or provide us with any emails (for example, support request or survey submission). In addition, we may collect Personal Data disclosed by you on our blogs and forums and our other areas of the Services to which you can post Personal Data and materials.
Personal Data we create or collect
When you register to use our Services, our systems will generate unique identifiers including your main Offensive Security ID (“OSID”), Purchase ID, Lab ID, Certificate ID, Video ID, system username and password. These identifiers are known as “pseudonymized” personal data and cannot alone identify you but can identify you when combined with other Personal Data we hold.
We may also gather nicknames or handles you operate under in public blogs, forums, chat rooms or other channels.
We keep a record of your purchase history and examination history. We may also keep administrative notes on your file.
Copy of emails between us will be kept in our systems.
As noted under the heading “How we use your Personal Data” we create and keep videos of Students during the proctoring of examinations.
Personal Data We Get From Third Parties
We may receive identification and contact Personal Data about you from our Customers if they are paying for you to use our Services, our Suppliers and business partners if you are working with us on their behalf, data brokers providing non-public lists and publicly available sources like LinkedIn and other directories.
In addition, we may verify your identification using third party service providers who may provide additional identification data to us.
Where we process your Personal Data
We store and process this Personal Data on servers in the United States, Israel and the Philippines, and we use this information for our internal purposes and to provide you with information, support, and Services.
How we use personal data
We use the Personal Data we collect, described above
- To provide Services to you: For our legitimate interests and/or to perform a contact, to authenticate users, provide the Services, process transactions and respond to your requests. For all Site visitors and Students, including visitors and Students within the EU, this use is necessary to provide the Sites to you and perform and enforce the Service(s) contract with you. If we cannot verify a Student’s identity with the basic information we collect, we may request additional Personal Data such as a scanned government ID, scanned utility bill(s), or scanned bank statement(s). We process this data to confirm your identity and to ensure that we can lawfully provide you with our Services (e.g. screening against various “prohibited persons” lists and sanctioned countries). If we are not entirely satisfied with the results, we may use your Personal Data to prevent you from buying Services from us.
For Students under the age of 18, we collect name(s) and IDs of and consent to process your Personal Data and provide you with Services from, the person who has parental responsibility for you.
- To undertake Service-related activities: For our legitimate interests:
- To customize the user experience.
- To better understand how visitors interact with our Sites and ensure that our Sites are presented in the most effective manner for you, and as part of our efforts to keep our Sites, network, and information systems secure.
- To conduct analytics to inform our marketing strategy and enable us to enhance and personalize our communications and the experience we offer to our visitors and Students.
- To communicate with you in connection with the Services you are using. If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, we will keep basic data to identify you and prevent further unwanted processing.
- Provide your Personal Data to third parties if its necessary for the Services we are providing
- To bill you: For the performance of a contract, for billing. For all Site visitors or Students requesting paid Services, we collect your billing information identified above to process payments using our third-party Vendors and Service Providers referenced below. This applies to all Site visitors and Students, including those within the EU, and this use is necessary for us to perform the Services contract with you. We store and process this Personal Data in addition to providing this information to our third-party Vendors and Service Providers (described below).
- To protect our Intellectual property: For our legitimate interests and/or performance of a contract , to protect our intellectual property. We may use your Personal Data to mark course materials we provide to you so we can monitor and protect our confidential intellectual property if it is published or made available without our permission. Any marking of materials may include the Student’s full name, home address, personal email address, and OSID, in a visible form.
- To enforce our academic policy or Master Terms: For our legitimate interests and/or performing a contract, to terminate or suspend your access to our products or prevent you from placing future orders. We will use your Personal Data to record situations where we believe you have breached our academic policy, have abused our intellectual property rights or otherwise breached the Master Terms you agree to when you register with us. We may use this record to terminate or suspend your access to our Services and prevent you from placing orders with us.
- To proctor your exam: For our legitimate interests and/or performing a contract, for online proctoring of examinations. When an examination is subject to online proctoring, the Student’s webcam and computer screen will be monitored, viewed, recorded, stored, and/or audited to ensure the integrity of the examination, including by Offensive Security’s employees, contractors, proctors, and/or agents. This means that Student and any of Student’s immediate surroundings, and anything else within range of Student’s webcam or viewable on Student’s computer screen, may be monitored, viewed, recorded, stored, and/or audited during and following the examination. The Student’s video feed and screen feed is monitored by Offensive Security proctoring personnel in the Philippines and stored on Offensive Security’s servers in the Philippines.
- To undertake marketing: For our legitimate interests or, where required by law, with your consent, to send you updates and information about our other products and services, upcoming events or other promotions or news by telephone, email or push notification. You may opt out of receiving further marketing emails by following the instructions contained in each promotional email we send you or by contacting us at firstname.lastname@example.org. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.
- To manage Customer relationships: For our legitimate interests and/or performing a contract, if you are an employee or contractor of one of our Customers, we will use your Personal Data to manage our relationship with that Customer including communicating with you about the Services, for billing and for sending you updates and information about our other Services, upcoming events or other promotions or news by telephone, email or push notification. Please see the paragraph above in relation to your right to opt out of future marketing emails.
- To manage Supplier relationships: For our legitimate interests and/or performing a contract, if you are a Supplier or an employee or contractor of one of our Suppliers, we use your Personal Data to manage our relationship with you/that Supplier, for payment and to communicate with you/that Supplier about the products and services you/they are supplying to us.
- To undertake background checking: For our legitimate interests and/or to comply with the law, before we provide you with Services or buy products or services from you or during our business relationship, we’ll use Personal Data you have given us with information we have collected from credit reference agencies or suppliers of “prohibited persons and countries” lists to manage our regulatory, credit or business risk. In our sole discretion, we may refuse to provide or buy services or products to or from you based on the results of our investigations. When credit reference agencies get a search request from us, a ‘footprint’ goes on your file which other organisations might see.
- To collect debts from you: For our legitimate interests and/or performing a contract, if you don’t pay your bills, we might ask a third party to collect what you owe. We’ll give them Personal Data about you (such as your contact details) and your account (the amount of the debt) and may sell the debt to another organisation to allow us to receive the amount due.
- To prevent and detect crime: For our legitimate interests and/or to comply with the law, we’ll use and share your Personal Data to help prevent and detect crime. For example, we might share your Personal Data with government and law-enforcement agencies. We’ll also use it to prevent and detect criminal attacks on our computer network. To do that we use any Personal Data we hold on you to the extent necessary including any CCTV footage and Personal Data we have collected from credit reference agencies or suppliers of “prohibited persons and countries” lists. We use this Personal Data because we have a legitimate interest in preventing and detecting crime.
- To comply with our legal obligations: For our legitimate interests and/or to comply with the law, we’ll share Personal Data where we have to legally share it with another person. That might be when the law says we have to or because of a court order. Above, we have given examples of organisations we might share your Personal Data with e.g. credit reference agencies. When we share your Personal Data with these organisations we do our best to ensure it’s protected, as far as reasonably possible. We also use service providers to process Personal Data on our behalf.
Our legitimate interest in using your Personal Data
We will use your Personal Data for our legitimate interests if we have assessed we have a legitimate business interest in doing so to operate our business.
How do we assess we have a legitimate business interest?
- checked the usage is necessary and there’s no less intrusive way to achieve the same result
- considered whether your interests override our interests
- considered whether you would reasonably expect us to use your Personal Data in this way
- considered whether you would find the usage intrusive or it would cause you harm
- taken extra care to protect the interests of children
- considered safeguards to reduce the impact where possible
- have offered you an opt out where appropriate.
Sharing And Disclosure
We may share your Personal Data and other information with certain third parties in these circumstances:
- Affiliates within the Offensive Security Group: for security, business, operational and administrative support purposes.
- Publication of Personal Data in connection with certifications: When a Student passes an examination and obtains a certification, we may publish certain Personal Data of the Student on a publicly available Site so anyone from the public can confirm the Student obtained the certification(s). We allow the public to search by name or by Offensive Security ID (OSID). We display the Student’s name, OSID, course taken, certificate received and associated dates.
- Your Employer and others: If your employer or another third party has paid us for your training or certification, we may disclose the results of your examination and our observations of your performance and conduct to them.
- Service Providers: To assist us in providing products and services and to operate our business, your Personal Data may be shared with our third-party service providers. These include organizations who provide services in relation to the training we provide, marketing, infrastructure and information-technology, payment processing, logistics and shipping and professional advice.
- Third Party Accreditation: Sometimes, our certifications will be accredited by their parties as equivalent to their own. If you wish to take advantage of such accreditation, we will transfer your Personal Data to such third parties.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction.
- Legal Requirements: If required to do so by law, applicable regulation or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Offensive Security, (iii) act in urgent circumstances to protect the personal safety of users of the Sites or the Services, or the public, or (iv) protect Offensive Security against legal liability.
Where we use another organisation to provide services or products to us, we still control and are responsible for your Personal Data and for ensuring there are controls in place to make sure it’s adequately protected.
If we need to transfer your Personal Data to another organisation for processing in countries outside the EEA and not listed as ‘adequate’ by the European Commission, we’ll only do so if we have model clauses or other appropriate safeguards (protection) in place. For transfers between our Affiliates, we rely on model clauses. In relation to our US data centre and our US cloud platform providers, we rely on model clauses. We have a further data center in Israel which is listed as adequate by the European Commission.
We will keep your Personal Data for as long as reasonably necessary for the purposes described in this Privacy Notice, while we have a legitimate business need to do so in connection with your account, or as required by law (e.g., for tax, legal, accounting or other purposes), whichever is the longer.
We do have additional specific data retention policies for certain categories of data.
- Authentication and Parental Consent: For the additional Personal Data collected as part of the authentication process (e., scanned government ID, scanned utility bill(s), or scanned bank statement(s)), we delete this data after 30 days. We also delete limited Personal Data collected as part of the parental consent process (i.e., parental IDs) after 30 days.
- Billing Information: For the Personal Data we collect for billing (e., country, credit card name, credit card number, credit card expiration date, billing address, and credit card CVV), we store this data in encrypted form and do not store the complete credit card number. We delete this data after 1 year from the most recent transaction (payment or refund). This retention policy applies only to the billing information stored by Offensive Security and not to the billing information we provide to our third-party Vendors and Service providers.
- Proctoring Video and Screen Feeds: For any video and screen feeds obtained by Offensive Security during proctoring an examination, we delete this data after 6 months. We may keep it for longer is we suspect you may be in breach our our Academic Policy and your examination attempt is under investigation.
The Personal Data that we collect is stored and processed on servers in the United States, Israel and the Philippines. We take steps to ensure that your Personal Data is protected from unauthorized disclosure.
Cookies are a standard feature of Sites that allow us to store small amounts of data on your computer about your visit to the Site. They are widely used to help make Sites work or work in a better, more efficient way, such as by recognizing you and remembering information that will make your use of the Site more convenient (such as by remembering your preference settings). Cookies also help us to learn which areas of the Site are useful and which areas need improvement, and to track your usage of the Site to provide you with targeted advertisements.
Rights Under European Law
This section provides information on your rights where applicable as a data subject under where applicable as a data subject under European data protection law(for these purposes, European data protection law includes reference that for the EU (and which also includes the European Economic Area countries of Iceland, Liechtenstein and Norway)).
Your Rights. Subject to applicable European law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you may ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to erasure: You may ask us to erase your Personal Data in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable). If we shared your data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restrictions on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest (described under the “How We Use Data” section above) to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your Personal Data for direct marketing.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has taken place.
- Right to lodge a complaint with a data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority authorized to hear those concerns.
You may contact us at privacy @ offensive-security.com to exercise your rights.
Changes to processing
We will notify you of changes to the data processing activities described in this Privacy Notice by updating the Privacy Notice or as otherwise required by law.
For Students under the age of 18, we collect name(s) and IDs of and consent to process your personal data and provide you with Services from, the person who has parental responsibility for you.
If you believe we are processing the Personal Data of a Student under the age of 18 without consent from the person who has parental responsibility for them, please contact us at email@example.com and we will endeavor to delete that Personal Data from our databases.
We try to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet is 100% secure.
Changes to our privacy notice
We may change this Privacy Notice at any time and when we do we will post an updated version on this page.
If you want to make a complaint about how we have handled your Personal Data please contact us at firstname.lastname@example.org and we will investigate and report back to you. If you are still not satisfied after our response or believe we are not using your Personal Data in line with the law, you also have the right to complain to a data-protection regulator in Gibraltar this is the Gibraltar Regulatory Authority (www.gra.gi), alternatively see here for details of your local regulator https://edpb.europa.eu/about-edpb/board/members_en
If you have questions about our Privacy Notice or our data practices, please contact us at privacy @ offensive-security.com.
By accessing this website and the information and content contained thereon you acknowledge your acceptance of and agreement to be bound by the following Terms and Conditions of Use of this website.
IF YOU DO NOT ACCEPT OR DO NOT WISH TO BE BOUND BY THE FOLLOWING TERMS AND CONDITIONS OF USE YOU SHOULD NOT ACCESS THIS WEBSITE AS ANY ACCESS THERETO UNDER SUCH CIRCUMSTANCES WILL BE DEEMED TO BE AN UNEQUIVOCAL ACCEPTANCE OF AND AGREEMENT TO BE BOUND BY THE FOLLOWING TERMS AND CONDITIONS OF USE.
Access to the information contained on this website may be restricted by laws and regulations applicable to the user. Any person in respect of whom such restrictions apply should not access this website.
Offsec Services Ltd. reserves the right, in its sole discretion, to modify, alter or otherwise update the following Terms and Conditions of Use at any time without prior notice. Any such modification, alteration or update shall be effective immediately upon posting. By using this website after such modification, alteration or update you agree to be bound by such revised Terms and Conditions of Use.
No Reliance and No Warranty
Although OffSec Services Ltd. believes that the information and content contained on this website is accurate at the date of publication, no representation or warranty of accuracy is made. The information and content contained on this website is provided for information purposes only and should not form the basis for any decision. The information and content contained on this website is subject to change without notice.
Disclaimer of Warranties and Liability
All of the information and content contained on this website is provided “as is” and without any warranty of any kind either express or implied. Offsec Services Ltd. disclaims any and all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a general or particular purpose. Offsec Services Ltd. does not warrant that the function of this website will be uninterrupted or error-free, that defects will be corrected, or that the server that makes the information and content available will be free of viruses or other harmful components. The information and content available on this website is provided solely for your convenience and information. Offsec Services Ltd. does not warrant or make any representations regarding the results that may be obtained from the use of this website or the information and content contained thereon, or as to the reliability, accuracy or currency of any information acquired pursuant to your use of this website.
You expressly agree that your use of this website is at your sole risk. You expressly agree that Offsec Services Ltd. shall not be responsible or liable to you or any other person or any entity whatsoever for any loss, damage (whether actual, consequential, punitive or otherwise), injury, claim, liability or other damage caused of any kind or character whatsoever based upon or resulting from your use or attempted use of this website or any linked website or off-site page, including but not limited to any claim or damage arising from failure of performance, error, omission, interruption, deletion, defect, delay in operation, computer virus, theft, destruction, unauthorized access to or alteration of personal records, or the reliance upon or use of data, information, opinions or other information or content appearing on this website.
Nothing on this website shall be construed as a solicitation, offer or recommendation to acquire or dispose of any property or investment or to engage in any other transaction.
Local Legal Restrictions
This website is not directed at any person in any jurisdiction where, by reason of that person’s nationality, residence or otherwise, the publication or availability of this website is prohibited.
Trademarks, Copyrights and Restrictions
All of the information and content on this website, including, but not limited to text, images, illustrations, audio clips, and video clips, is owned and controlled by Offsec Services Ltd. or used under license with all rights reserved and is protected by copyrights, trademarks, service marks, other intellectual property rights and other proprietary rights. The information and content on this website is solely for your personal and non-commercial use. You may print a copy of the information and content contained on this website for your personal and non-commercial use only, but you may not copy, reproduce, republish, upload, forward, disseminate, post, transmit, distribute, and/or exploit the information or content in any way (including by e-mail or other electronic means) without the prior written consent of Offsec Services Ltd. You may request such consent by sending an e-mail to Offsec Services Ltd. It should be noted that any such consent granted will require express mention of Offsec Services Ltd. as the source of the information.
Without first obtaining the aforesaid prior written consent of Offsec Services Ltd., any modification or use of the information or content on this website for any purpose other than your personal and non-commercial use is prohibited and will be a violation of the owner’s copyrights, trademarks, service marks, other intellectual property rights and other proprietary rights. As a condition to your use of this website, you warrant to Offsec Services Ltd. that you will not use this website for any unlawful purpose or in any manner prohibited by these Terms and Conditions of Use. Offsec Services Ltd. retains the right to deny access to this website to anyone at its sole discretion for any reason, including violation of these Terms and Conditions of Use.
You agree to indemnify, defend, and hold Offsec Services Ltd. harmless from and against all losses, expenses, damages and costs, including reasonable attorneys’ fees, resulting from any violation by you of these Terms and Conditions of Use.
Linked Websites and Off-Site Pages
These Terms and Conditions of Use shall be governed by and construed solely in accordance with the Laws of Gibraltar whose courts shall have non-exclusive jurisdiction over any claim, action or legal proceeding which may arise out of or in connection herewith.
The failure by Offsec Services Ltd. to insist, in one or more instances, upon strict performance of your obligations contained herein, or to exercise any right contained herein shall not be construed as a waiver, or relinquishment for the future, of such obligation or right, which shall remain and continue in full force and effect.
If any provision of these Terms and Conditions of Use is held invalid or unenforceable, the remaining provisions shall nevertheless remain valid and enforceable.
The foregoing Terms and Conditions of Use and every obligation contained herein represent the entire Agreement between Offsec Services Ltd. and you and supersede any prior agreements or understandings not incorporated herein.
Any rights not expressly granted herein are reserved by Offsec Services Ltd.
Once a payment is processed, we do not provide refunds.
Offensive Security’s Academic Policy – Try Harder
Offensive Security is no ordinary training company. Before you take our training, you should be aware that our approach is not to provide our students with answers but instead to expect them to work independently and hard to find solutions to the various challenges our training and exams will pose them. The purpose of this approach is to instill a mindset that, in our view, all penetration testers need to succeed. This is core to our tough but well known “Try Harder” training philosophy and indeed is embedded in our corporate mission statement. It is also why our certifications are so highly sought after by employers. As a result, you will see that our Academic Policy takes a very tough stance on many forms of student collaboration that other training companies may allow.
Please take the time to read this Academic Policy as we have a very strict but simple posture regarding any breach of it; in our discretion, any student caught breaching this Academic Policy in preparation for, during or following their exam will (1) be permanently disqualified for life from the exam in question; (2) be barred permanently from making future purchases of any product or service from Offensive Security; (3) have any existing certification(s) revoked. This includes students caught seeking collaboration or assistance from or providing collaboration or assistance to, others such as seeking or providing solutions, answers, notes, hints, support etc.
Additionally, the following activities are not permissible:
- accessing or copying content from, another person’s lab and/or exam report
- the use of sources of support such as aids, notes, coaching, advice or help provided by another or publicly available
- collaboration with any other person regarding exam content
- submission of work created, completed or edited in whole or in part by another person or having another person take an exam on your behalf
- supplying or communicating information or materials including lab or exam reports, details of exam labs or exploits, solutions, answers, notes, hints, support etc. to another person
- seeking or using information or materials including lab or exam reports, solutions, details of exam labs or exploits, answers, notes, hints, support etc. from another person or publicly available
- using false statements to obtain additional time or other accommodations
- breaching Offensive Security’s contractual terms relating to access to or use of its course materials or labs, including in relation to any unauthorized use or disclosure of them
- using any knowledge or expertise gained from any of Offensive Security’s courses in an illegal or unethical manner or to harm any person or entity
- participating in any other conduct that might compromise the integrity or confidentiality of the exam
Thank you for reading our Academic Policy. We wish you the best of luck with your training and exams but do remember; Try Harder!